Hello folks,
I am trying to insert (index) some unstructured sentences from my text editor into Elasticsearch, and only when Logstash arrives at a specific word should it start to index all other words and sentences after this specific word in one field.
My example log data in my text editor:
I want to start indexing the sentences from the text editor after the word "FINAL".
My attempt so far did not work perfectly, because of the whitespace and empty lines between each sentence:
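filter {
  # Drop events that are empty or contain only whitespace
  if [message] =~ "^\s*$" {
    drop { }
  }
  # Capture everything after the word FINAL into the field "sentences"
  grok {
    match => { "message" => "\s+%{GREEDYDATA}FINAL\n\s+%{GREEDYDATA:sentences}" }
  }
}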
Can anybody help me to correct my filter?
thx.